0

UPDATE

Following four characters need to be escaped when '\' is the escape helper %[]_

  1. http://msdn.microsoft.com/en-us/library/aa933232(v=sql.80).aspx - LIKE
  2. Escape a string in SQL Server so that it is safe to use in LIKE expression
  3. How do I escape _ in SQL Server?

QUESTION

Though I searched a lot, I could not find out a problem exactly matching the following, in stack overflow.

I have a database column called Log_Description. It has two records.

1) "Sample % value record"

2) "Sample free record"

I am using SQL Command and setting parameters as shown below

commandText = commandText + “Log_Description LIKE @Log_Description”;
command.Parameters.AddwithValue(“@Log_Description”, “%”+obj. LogDescription+”%”);

Suppose the user enters “%” as search param for txtLogDescription textbox, I need to show only first record. But currently it is showing both the records.

  1. What are the possible ways to overcome this?
  2. What are the other characters that may cause such issues with the above code?

Note: I cannot prevent user from entering “%” as input

Note: I am using SQL Server as database

EDIT:

Solution I am using now is Escaping the escape character does not work – SQL LIKE Operator

    private static string CustomFormat(string input)
    {
        input = input.Replace(@"\", @"\\");
        input = input.Replace(@"%", @"\%");
        input = input.Replace(@"[", @"\[");
        input = input.Replace(@"]", @"\]");
        input = input.Replace(@"_", @"\_");
        return input;
    }

LINQ approach (with performance hit) is below

        Collection<Log> resultLogs = null;


        if (!String.IsNullOrEmpty(logSearch.LogDescription))
        {
            resultLogs = new Collection<Log>();
            var results = from o in logs where o.LogDescription.Contains(logSearch.LogDescription) select o;
            if (results != null)
            {
                foreach (var log in results)
                {
                    resultLogs.Add((Log) log);
                }
            }
        }
        else
        {
            resultLogs = logs;
        }
Community
  • 1
  • 1
LCJ
  • 22,196
  • 67
  • 260
  • 418
  • What database are you using ? SQL Server, Oracle, MySQL ? – Tommy Grovnes Nov 15 '12 at 07:35
  • 3
    If you are using SQL Server there is a similar question here http://stackoverflow.com/a/258947/1045728 , basically you would escape any % found in the search value – Tommy Grovnes Nov 15 '12 at 07:41
  • Refer http://stackoverflow.com/questions/13861004/escaping-the-escape-character-does-not-work-sql-like-operator – LCJ May 23 '13 at 11:16

1 Answers1

1

As far as escaping %, see Tommy Grovnes' comment on the question.

If you can use a List<T> instead of a Collection<T> (see here), this can be written more concisely:

var descr = logSearch.logDescription;
var results = (
    from o in logs
    where String.IsNullOrEmpty(descr) ||
            o.LogDescription.Contains(descr)
    select o
).ToList();

If you still need a Collection<T>, you can wrap the results of the LINQ query in a Collection constructor:

var results = new Collection<Log>((
    from o in logs
    where String.IsNullOrEmpty(descr) ||
            o.LogDescription.Contains(descr)
    select o
).ToList());
Community
  • 1
  • 1
Zev Spitz
  • 13,950
  • 6
  • 64
  • 136